Home/ Questions/Q 8257105
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-08T02:05:17+00:00

My application calls a web service during the Authentication process (as shown in code

  • 0

My application calls a web service during the Authentication process (as shown in code below).

How can I save some information in HttpSession during this process?
This information like customer-account-number will be used in various other places in the application after the user is logged in.
Is it possible to pass HttpSession parameter to the MyServiceManager’s static login method?

 public class MyAuthenticationManager implements AuthenticationProvider {

    @Override
    public boolean supports(Class<? extends Object> authentication) {
        return authentication.equals(UsernamePasswordAuthenticationToken.class);
    }

    @Override
    public Authentication authenticate(Authentication authentication) {
                    //MyServiceManager.login - makes a call to web service
        if(MyServiceManager.login(authentication.getName(),     authentication.getCredentials().toString(), XXX_HTTP_SESSION_XXX))
        {
            List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>  ();  
            authorities.add(new GrantedAuthorityImpl("ROLE_USER"));
            authorities.add(new GrantedAuthorityImpl("ROLE_SUPERVISOR"));
            return new UsernamePasswordAuthenticationToken(authentication.getName(), authentication.getCredentials(),authorities);
        }
        else
        {
            return null;
        }

    }
 }
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    After breaking a lot of head on this issue, I was able to achive the objective using following work around.
    Getting hold of session is really not feasible in following method
    public Authentication authenticate(Authentication authentication)

    I created a class

    import java.security.Principal;

public class UserInfo implements Principal{

private String customerId;
private String accountNumber;
private String name;
}

    The information which I wanted to store in session (like customerId, accountNumber etc), I saved it in userInfo object.
    and this object was passed to UsernamePasswordAuthenticationToken

    List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();  
authorities.add(new GrantedAuthorityImpl("ROLE_USER"));
authorities.add(new GrantedAuthorityImpl("ROLE_SUPERVISOR"));
return new UsernamePasswordAuthenticationToken(**userInfo**, authentication.getCredentials(),authorities);

    This information is readily available in the user’s session using

    (UserInfo)SecurityContextHolder.getContext().getAuthentication().getPrincipal();

    I home this is a good enough way to tackle the problem.

    • 0